prometei_elf | 0fd40d2ef17e10df7672c476f319f1ebcef3be1e12c7db0dddc65716a469f4da | Triage

Sharing

General

Target

na.elf
Size

425KB
Sample

250328-v14l2ayygz
MD5

9dedbf4be6b5bf234a26de159f605cb0
SHA1

39870ac62deac3cbd38557dd9fa0e8a13673267b
SHA256

0fd40d2ef17e10df7672c476f319f1ebcef3be1e12c7db0dddc65716a469f4da
SHA512

97d686588289a51ef62c544ced55e796d997e67654637e6b0bd752d464ad93fd810533de3f59a716bcf868c10b157bc9888c9748bdaaa2ff8cb52b7d8be09763
SSDEEP

6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgH:25WOSACZSV6eKRH5EPiamb4DsDwwcX

Score

10^/10

prometei_elf botnet discovery linux miner persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  na.elf
- Size
  
  425KB
- MD5
  
  9dedbf4be6b5bf234a26de159f605cb0
- SHA1
  
  39870ac62deac3cbd38557dd9fa0e8a13673267b
- SHA256
  
  0fd40d2ef17e10df7672c476f319f1ebcef3be1e12c7db0dddc65716a469f4da
- SHA512
  
  97d686588289a51ef62c544ced55e796d997e67654637e6b0bd752d464ad93fd810533de3f59a716bcf868c10b157bc9888c9748bdaaa2ff8cb52b7d8be09763
- SSDEEP
  
  6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgH:25WOSACZSV6eKRH5EPiamb4DsDwwcX
Score

10^/10

prometei_elf botnet discovery miner persistence privilege_escalation upx
- Prometei
  Prometei is a multiplatform botnet used to mine cryptocurrency.
  botnet miner prometei_elf
- Prometei_elf family
  prometei_elf
- Deletes itself
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

prometei_elfbotnetdiscoveryminerpersistenceprivilege_escalationupx